Application Security Analyst
Indexed description
Could that be you?
Your Opportunity
As an Application Security Analyst, you will be helping to ensure our software is built to the highest security standards possible. You will work with software, devops, and network engineers, project managers, and business analysts, assisting them in applying appropriate security activities throughout the Software Development Lifecycle, while helping to define and build relevant controls and promote their adoption across the organisation.
Successful people in Security maintain close relationships with people across TPG Telecom, foster friendly working environments and a willingness to ask questions. You will do this through empathy and integrity; demonstrating these qualities is important to the role. We accept everyone for who they are and encourage people to innovate; mistakes are normal, and we value people who are willing to try new approaches to old problems.
You'll Make Impact By
- Work with software engineering teams as the application security subject matter expert.
- Contribute to the implementation and operation of our application security control suite, including automated static analysis and composition (SAST and SCA) tools, dynamic security testing (DAST) tools, supporting projects in utilising them effectively.
- Collaborate with development teams to conduct secure code reviews / white-box security testing for projects, identifying and recommending remediation for security-related issues.
- Work closely with other Technical Security teams, such as our Red and Blue teams, to help find security vulnerabilities in our software systems.
- Perform threat assessments of projects and stories ensuring we build applications that are secure-by-design, and that are compliant to our policy set, security strategy and legislations.
- Promote security awareness and be an advocate for our application security policies and standards as well as help our developers build secure systems.
- Collaborate with development teams to conduct write a design threat and risk assessment for each project/story that you work on.
- Secure code reviews for projects, identifying and recommending remediation for security-related issues
- Undertake threat-based risk assessments of applications, including developing threat models to identify, quantify and address security threats at various stages of the development lifecycle.
- Support the deployment and conduct of static and dynamic application security testing.
- Write risk reports outlining findings, recommendations and risks according to TPG Telecom’s Risk Management Policy.
- Provide subject matter expertise support to development teams on adhering to Secure Software Development Life Cycle checkpoints.
- Application security or digital assurance teams; or
- Software engineering or devsecops teams, with some exposure to Java, Javascript, Python, and Cloud-based systems - with a healthy side- interest in cyber security concepts that you are excited to develop!
- Coding experience in languages such as Java, JavaScript, or Python
- Security certifications such as CSSLP , CISSP, CompTIA Security+, or OSWE, are not necessary but are favoured.
- Flexible hybrid way of working (from home and office)
- ‘Stay Connected Mobile’ – Access to a free mobile plan
- ‘Stay Connected NBN’ – Access to a free, high‑speed NBN plan (up to 500 Mbps)
- ‘Your Leave’ - an additional 4 days of leave to be used whenever you like - every year
- Access to TPG Learning Hub platform and internal development opportunities
- Access to Corporate Partner Discounts
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search